"Trojanized Installers Used to Distribute Bumblebee Malware"

Security researchers at Secureworks' Counter Threat Unit discovered that installers for popular software tools such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace have been trojanized to distribute the malware known as Bumblebee. The researchers noted that the infection chain for several of these attacks relied on a malicious Google Ad that sent users to a fake download page via a compromised WordPress site. They stated that as people look for new tech or want to get involved with the hype around new tech like ChatGPT, Google is the place to find it. They added that malicious ads returned in search results are incredibly hard to spot, even for someone with deep technical knowledge. One of the attacks observed by the researchers relied on a legitimate Cisco AnyConnect VPN installer that had been modified to contain the Bumblebee malware. According to the researchers, the attackers took only three hours to exploit this entry point to deploy additional tools, including Cobalt Strike and a Kerberoasting script.

 

Infosecurity reports: "Trojanized Installers Used to Distribute Bumblebee Malware"

Submitted by Anonymous on